Re: [PATCH net] tipc: free bearer discoverer via RCU to fix tipc_disc_rcv UAF
From: Tung Quang Nguyen <hidden>
Date: 2026-06-16 11:34:55
Also in:
lkml, stable
From: Tung Quang Nguyen <hidden>
Date: 2026-06-16 11:34:55
Also in:
lkml, stable
Subject: Re: [PATCH net] tipc: free bearer discoverer via RCU to fix tipc_disc_rcv UAF
Oops, I missed that patch! I'm not sure what the etiquette is in this case, but I'm happy to defer to the original submitter (CCd) if they're working on a new patch and/or add any appropriate trailers to my v2.
I've prepared a v2 to submit after the ~24h period, addressing your changes and taking into account Eric's feedback from the earlier submission as well (adding an rcu_barrier() in tipc_exit()).
Eric's concern is correct but it needs to be addressed in a separate patch because it is a pre-existing issue. It requires another reproduction (load/unload TIPC kernel module) and other considerations (calling call_rcu() from timer etc.). For now, I think you just need to address my comment.